> In the future, we plan to respond quickly to requests like the initial
> one, asking the requester for the appropriate information needed to
> assign a CVE ID. If the Editorial Board members have suggestions on
> better ways to handle these situations, we would appreciate you input.
Thanks for the background. In this example just a ping back to the oss
list saying that it's complex and you're working on it (or having the
discussion of the complexity with upstream on that list) would have
helped. Especially after the 2nd request a month later -- radio silence
from Mitre looked like no one was paying attention or it was in some
backlog queue, not that the issue was being actively worked on.
Thanks, Mark